Mobile Credentials: Make the Connection

April 21, 2022
Here’s what you should know about the ever-increasing “key” to electronic access control.

Several billion smartphones have made mobile credentials for access control the wave of the foreseeable future. As onboard biometrics gain traction, the mobile credential provides a simple route to a two- or even three-factor authentication process. The good news is that lockshops of all sizes can share in this market. Some already do.

This article will discuss the current state of the industry, what’s on the horizon and the important things you should know about mobile credentials.

Knowing the Basics

Distribution: The distribution of electronic products in commercial markets might appear to be confusing, but it’s a fairly standard process. Lock manufacturers form alliances or distribution channel partnerships with access control system (ACS) companies, such as Genetec, Keri, Keyscan and Lenel.

The ACS companies often include electronic locking products in their offerings to qualified service providers who install, program and service the systems. These programs tend to target larger installations. Some lockshops have built good businesses doing the installation, and others have expanded into the systems-integration business.

Lock wholesalers and contract hardware dealers generally provide electrified locking hardware to any lockshop or customer. However, Wi-Fi or networked products typically are sold to certified installers who have approved training on their products and IT network protocols.

A new hybrid program from a company called Lockt makes it easier for a lockshop to sell mobile credentials. We’ll discuss that further in a bit.

Apps: Mobile-credential apps are available on smartphones and watches that operate on Apple iOS or Google Android platforms. Battery-equipped Bluetooth Low Energy (BLE) fobs also are available. Other wearable applications, such as radio-frequency ID wristbands, work on multitechnology readers, but they don’t have the active BLE transmitting capability. For stand-alone locks, the mobile credential becomes the link with the head-end electronic access control (EAC) system.

Mobile credentials use two basic technologies:

  • BLE has programmable, high-speed, encrypted transmission that has selectable ranges between 2 and 30 feet, which makes it ideal for hands-free EAC applications. This technology appears to have gained a dominant position in the EAC market. Some BLE apps also can communicate from inside a pocket or purse when the app is open.
  • Near field communications (NFC) connects mobile credentials to a terminal located within a few centimeters. This typically requires tapping or twisting the phone on or near the terminal. NFC doesn’t appear to be adopted as widely in EAC yet.

In many cases, the app might be opened when an end user approaches a building and remain active during working hours for ease of access to locked doors on the site. This is called background mode. When an app is open or transmits in background mode, battery drain of the mobile device is similar with that of a pair of ear buds. Battery-operated locks often remain in “sleep” mode, powering up only when touched or activated, for longer battery life.

Typical System Layout

Your mobile credential requires an app, battery power and BLE. Smartphone versions also will have NFC and Wi-Fi transmitters. The mobile credential might communicate directly by Wi-Fi to a local ACS or be relayed through a cloud host that provides additional real-time updates and management. A bridge or link provides secure communications to the ACS head-end.

The app communicates via encrypted signals with the lock or reader. Encrypted communication with the ACS head-end is via local Wi-Fi or through a cell tower and the internet. In some cases, Wi-Fi is built into the lock, while in others, the smartphone downloads the data as it passes a Wi-Fi hot spot. The mobile credential, lock and transmission data all are encrypted in BLE applications.

Hands-free operation is possible for some BLE apps, which allows the mobile credential to remain in a pocket or purse. Many apps allow access to any authorized door, while others might require the user to open the app and select the door to open. The easier the access event is for the customer, the less “friction” is said to be involved in the experience.

BLE-equipped locks or readers most often will be configured for a read range of about 2 feet to prevent unauthorized access. Medium- or long-range settings can be used for gates or exterior openings. This is particularly popular during inclement weather. NFC apps however, generally require being within a couple of inches of the lock or reader because of the motion necessary to make the communication.

Hybrid systems are becoming common, because BLE chips are being added to existing stand-alone, Wi-Fi and hard-wired installations. Expect a strong stream of product developments in multitechnology applications in coming months. Mobile-ready readers and locks have become fairly standard in the past couple of years. BLE upgrade kits also now are available for most smart locks or readers, as well.

Mobile apps aren’t an open-architecture item. Each brand requires a separate app. A concern is that security would drop to the lowest common denominator if there were more interoperability.

What’s Available

Major players are up to their ears in mobile credentials. Allegion and SALTO were early adopters with then-current NFC technology popular in payment terminals. This has been frequently integrated with the Apple Wallet, for food service and EAC, in larger college applications. When BLE emerged with higher speeds, improved software updates, better encryption options and selectable read ranges, it quickly became the mobile-credential standard.

Residential: Residential products generally are available through traditional lock-supply channels, but there can be significant competition from DIY channels, such as Home Depot, Lowe’s and the internet. After reading the instructions, many homeowners will welcome your installation and setup.

Baldwin and Kwikset use the Kevo smart lock, which has mobile-credential apps or BLE fobs. The Yale Assure smart lock targets residential and multifamily sites. Most domestic and import brands now have, or plan for, mobile-credential applications.

Schlage has introduced its Encode Plus smart Wi-Fi deadbolt that uses the NFC-based Home Keys in the Apple Wallet for consumer applications.

Commercial: The Schlage Control smart lock is a mobile-enabled wireless deadbolt or interconnected lock for multifamily applications. This open-architecture product can be integrated with the customer’s existing or proposed EAC system.

Schlage Mobile Access Credentials were developed for commercial markets with apps that use asymmetric encryption. The BLE technology can reside on the same mobile credential as existing NFC systems that target the college market. Installed Schlage NDE and LE locks can be upgraded with the BLE chip or ordered as NDEB or LEB versions. Schlage Mobile Access Credentials communicate with the CTE controller.

ASSA ABLOY has developed mobile access products across domestic and international commercial brands. Adams Rite, Corbin-Russwin, HES, SARGENT and Securitron all provide options that include the Aperio smart-lock system and HID’s popular Signo readers.

These readers are available with multitechnology options to bridge legacy cards and even can include versatile Lumidigm multispectrum fingerprint scans, PINs and mobile credentials.

Existing Signo readers generally can be upgraded to accept BLE-connected mobile-credential apps. These products are famous for their Secure Identity Object data model for multilayered security. Mobile IDs also are based on cryptographically protected data objects.

dormakaba’s Keyscan Mobile Credential system has been prominent in commercial applications, lodging and upscale multifamily markets in North America and Europe for some time. This system will be integrated with BEST’s Switch Tech system.

BEST’s Switch Core is the starter kit for the Switch Tech family of EAC products. This opens a major locksmith opportunity for the more than 100 million small-format interchangeable cores (SFICs) in North America. Smaller institutions and agencies that rely on independent shops are prime targets. Traditional lock wholesale channels and a locksmith certification program provide an on-ramp for the locksmith community.

Multitechnology readers from dormakaba’s Farpointe Data also allow Switch Tech to be installed into existing hard-wired or Wi-Fi systems. When the Switch Tech app is placed in “background” mode, the mobile credential remains hands-free. Switch Tech is scheduled for integration into stand-alone, Wi-Fi or electrified locks, exit devices and other products. Upcoming developments will produce even more user convenience through mobile credentials, plus key-override options.

Lockt is a new organization created specifically to provide Switch Tech certification, support and documentation for the lock community. The company has developed a simplified access control head-end designed specifically for the lock community to run Switch Tech systems. Midlevel and enterprise systems also are available. These services are available to lockshops that purchase Switch Tech products from most wholesale lock suppliers that handle BEST and dormakaba products.

Proxess was an early player in the domestic mobile-credential market. The company specifically targets school districts, hospitality, multifamily housing and commercial applications through cost-effective mobile credentials and multitechnology locks and readers. The product line is open to lockshops that have electronic capability.

SALTO Systems targets hospitality and commercial markets. The company was an early innovator with NFC and has large installations in Europe and the Americas. BLE-enabled XS4 mortise and rim cylinders, stand-alone locks, readers, escutcheons and padlocks are available. Hager also includes SALTO products in its electronic door hardware.

Mul-T-Lock’s suite of products and mobile credentials are aimed at healthcare facilities, offices, education facilities and multifamily housing applications. The line includes escutcheons, smart cylinders, readers and padlocks.

Get in the Market

Markets for the independent lockshop include most of your existing customers. Multifamily housing is a major focus of several OEMs. Yale, Kwikset and Schlage all aim at residential applications and often integrate with smart-home systems. Independent motel and apartment owners also are lockshop prospects.

The hidden gem is the small school district. Millions of school rooms in small school districts are secured by SFICs. Look for county courthouses, rural planned-unit developments or others that use SFICs. Realistic markets for the lockshop also include small- to medium-size facilities that don’t have their own internal lockshops.

The Boy Scouts have it right with its motto “Be Prepared.” It’s far better to learn your potential market ahead of time and then go after it.

Cameron Sharpe, CPP, worked 30 years in the commercial lock and electronic access industry. Contact him at [email protected]

About the Author

Cameron Sharpe

Cameron Sharpe, CPP, worked 30 years in the commercial lock and electronic access industry. Contact him at [email protected].